Patch Manager is RunCloud’s built-in tool for applying publicly available OS and software patches across your servers. It brings patches from upstream sources into a single interface so you can see which servers need attention and apply updates without manually logging into each one.

With Patch Manager, you can:

  • See which servers need attention based on OS, web server type, architecture, and other criteria.
  • Apply patches to multiple servers in bulk, all from one place.
  • Track patch status in real time as each server progresses through the patch lifecycle.
  • Maintain a full audit trail of every patch applied.

Important: Patch Manager surfaces publicly available patches from upstream sources (such as your OS vendor or software maintainer). It provides a structured way to apply those patches via RunCloud. It is not a vulnerability research tool and does not create custom or virtual patches.

Patches are not applied automatically to ensure you maintain full control over your server environment. Applying patches, especially those that require a reboot, can cause downtime. By requiring manual intervention, we ensure that you can choose the optimal time to apply updates and prevent service disruptions.

RunCloud Settings page with the Patch Manager option highlighted in the Workspace navigation menu.

You will see the Patches list, which displays all currently active patches available for your servers.

Patch Manager page listing an available patch, its release date, reboot requirement, and View Details link.

Only patches relevant to your servers will appear. If no patches are listed, none of your servers currently match any active patch criteria.

Investigating & Assessing the Patches

Click View Details on any patch to open the patch detail page. This page contains everything you need to know before applying the patch.

Different patches carry different levels of risk and urgency; reviewing these details helps you make informed decisions.

Patch details page showing the patch description, affected system, matching server, status counters, and Apply Patch & Reboot button.

Patch Information

The top of the page displays:

  • Patch name: The name of the patch and its current status, such as “Reboot Required.”
  • Release date: The date RunCloud released the patch.
  • Description: Details of what the patch addresses and what it does.

Affected Systems

This section lists the criteria used to match servers to this patch. Only servers that match all listed criteria will appear in the Servers section. Criteria may include:

  • Web server type (e.g., NGINX, OpenLiteSpeed)
  • OS version (e.g., Ubuntu 22.04, 20.04)
  • Architecture (e.g., x86_64, Aarch64)
  • Installation type (e.g., Containerized, Native)
  • Database type (e.g., MySQL, MariaDB)

If you have servers that don’t appear in this patch, they don’t meet the criteria. This filtering ensures you only see servers that need patching.

Servers Section

The Servers panel shows:

  • Summary counters: Total servers matching this patch, broken down by status (Not Applied, Pending, Completed).
  • Search bar: Filter servers by name or IP.
  • Per-server status badges: Each server shows its current patch status.

You can select individual servers by clicking the checkbox next to each row, or use Select All to select every matching server for bulk patching.

Applying a Patch

Once you have selected the server(s) you want to patch, click Apply Patch & Reboot (or Apply Patch if no reboot is required).

This will open a confirmation modal where you can verify the number of servers selected, then click Apply Patch to confirm or Cancel to go back.

Apply Patch confirmation window warning that the selected server will restart automatically after the patch is applied.

Once you apply a patch, you can monitor each server’s progress on the patch detail page. The deployment process runs in the background, and you can navigate away from the page or perform other tasks while the update is underway. Server statuses will continue to update, and the current progress will be displayed whenever you return to the page.

Patch details page showing the server status as Completed and the patch deployment progress at 1 of 1 servers completed.

The summary counters will update as servers move through the following statuses:

Statuses

  • Not Applied: The patch has not yet been applied to this server.
  • Pending: The patch has been queued but has not started executing.
  • In Progress: The patch is currently being applied to this server.
  • Completed: The patch was successfully applied.
  • Failed: The patch could not be applied (see troubleshooting below).
  • Rebooted: The patch was applied, and the server has been rebooted successfully.

Frequently Asked Questions

Why don’t I see all my servers on a patch?

Patch Manager only shows servers that match the criteria defined for each patch (OS version, web server type, architecture, etc.). If a server doesn’t appear, it means it is not affected by that particular vulnerability. This filtering ensures you only see servers that genuinely need patching.

Can I apply patches to multiple servers at once?

Yes. Patch Manager supports bulk patching. You can select multiple eligible servers (or use Select All) and apply a patch to all of them in a single action. This is useful when you have many servers that need the same patch applied.

Where do the patches come from?

Patch Manager surfaces publicly available patches from upstream sources, such as your OS vendor or software maintainer. RunCloud does not research vulnerabilities or create custom patches. Patch Manager is a tool that makes it easier to apply publicly available patches without requiring you to SSH into each server individually.

Who can apply patches?

Any user with the Patch Manager permission in the Workspace or Personal Space can view and apply patches. Only RunCloud administrators can create and manage patches.

Do I need to reboot my server manually?

No. If a patch requires a reboot, the server will reboot automatically after the patch is applied. You do not need to trigger a reboot yourself.

Can I roll back a patch?

Patch rollback is not currently supported. If a patch causes issues on your server, contact RunCloud support immediately.

What happens if a patch fails?

If a patch fails on a specific server, the status badge for that server will show “Failed.” The patch can be reapplied to that server. If the failure persists, contact RunCloud support for assistance.

Can I schedule a patch for later?

Not at this time. Patches are applied immediately when you click Apply Patch. We recommend applying reboot-required patches during your scheduled maintenance windows.